Windows Analysis Report: hesaphareketi-01.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- hesaphareketi-01.exe (PID: 7352 cmdline: "C:\Users\user\Desktop\hesaphareketi-01.exe" MD5: 7CCB3C07BF2918BBCAD959E27E17F083)
- svchost.exe (PID: 7416 cmdline: "C:\Users\user\Desktop\hesaphareketi-01.exe" MD5: 7CCB3C07BF2918BBCAD959E27E17F083)
- RegSvcs.exe (PID: 7456 cmdline: "C:\Users\user\Desktop\hesaphareketi-01.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- svchost.exe (PID: 7464 cmdline: "C:\Users\user\AppData\Local\directory\svchost.exe" MD5: 7CCB3C07BF2918BBCAD959E27E17F083)
- RegSvcs.exe (PID: 7484 cmdline: "C:\Users\user\AppData\Local\directory\svchost.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- wscript.exe (PID: 7664 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
- svchost.exe (PID: 7720 cmdline: "C:\Users\user\AppData\Local\directory\svchost.exe" MD5: 7CCB3C07BF2918BBCAD959E27E17F083)
- RegSvcs.exe (PID: 7740 cmdline: "C:\Users\user\AppData\Local\directory\svchost.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- svchost.exe (PID: 7748 cmdline: "C:\Users\user\AppData\Local\directory\svchost.exe" MD5: 7CCB3C07BF2918BBCAD959E27E17F083)
- RegSvcs.exe (PID: 7808 cmdline: "C:\Users\user\AppData\Local\directory\svchost.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. | | | |
{"Exfil Mode": "SMTP", "Port": "587", "Host": "zqamcx.com", "Username": "sender@zqamcx.com", "Password": "Methodman991"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | |
| | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
(25 entries in total)
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | |
| | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | |
| | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
(49 entries in total)
System Summary |
---|
Source: | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: |
Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: |
Source: | Author: frack113: |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Michael Haag: |
Source: | Author: vburov: |
Data Obfuscation |
---|
Source: | Author: Joe Security: |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
2024-07-26T09:28:35.751015+0200 | 2022930 | 443 | 49709 | TCP | A Network Trojan was detected |
2024-07-26T09:29:13.984243+0200 | 2022930 | 443 | 49716 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_006BDBBE | |
Source: | Code function: | 0_2_0068C2A2 | |
Source: | Code function: | 0_2_006C68EE | |
Source: | Code function: | 0_2_006C698F | |
Source: | Code function: | 0_2_006BD076 | |
Source: | Code function: | 0_2_006BD3A9 | |
Source: | Code function: | 0_2_006C9642 | |
Source: | Code function: | 0_2_006C979D | |
Source: | Code function: | 0_2_006C9B2B | |
Source: | Code function: | 0_2_006C5C97 | |
Source: | Code function: | 2_2_0008DBBE | |
Source: | Code function: | 2_2_0005C2A2 | |
Source: | Code function: | 2_2_000968EE | |
Source: | Code function: | 2_2_0009698F | |
Source: | Code function: | 2_2_0008D076 | |
Source: | Code function: | 2_2_0008D3A9 | |
Source: | Code function: | 2_2_00099642 | |
Source: | Code function: | 2_2_0009979D | |
Source: | Code function: | 2_2_00099B2B | |
Source: | Code function: | 2_2_00095C97 |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_006CCE44 |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | .Net Code: |
Source: | Code function: | 5_2_065EE548 |
Source: | Windows user hook set: |
Source: | Code function: | 0_2_006CEAFF |
Source: | Code function: | 0_2_006CED6A | |
Source: | Code function: | 2_2_0009ED6A |
Source: | Code function: | 0_2_006CEAFF |
Source: | Code function: | 0_2_006BAA57 |
Source: | Code function: | 0_2_006E9576 | |
Source: | Code function: | 2_2_000B9576 |
System Summary |
---|
Source: | Matched rule: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_2da9eba6-4 | |
Source: | String found in binary or memory: | memstr_03c35d04-b | |
Source: | String found in binary or memory: | memstr_89bd292d-7 | |
Source: | String found in binary or memory: | memstr_7351fcc2-d | |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_917f9649-1 | |
Source: | String found in binary or memory: | memstr_d7d4eb80-4 | |
Source: | String found in binary or memory: | memstr_01c71469-3 | |
Source: | String found in binary or memory: | memstr_e0a09421-0 | |
Source: | String found in binary or memory: | memstr_a5639778-3 | |
Source: | String found in binary or memory: | memstr_1d747352-b | |
Source: | String found in binary or memory: | memstr_c8b1b546-b | |
Source: | String found in binary or memory: | memstr_15bd4966-6 | |
Source: | String found in binary or memory: | memstr_d48ff083-1 | |
Source: | String found in binary or memory: | memstr_a1a80f0f-d | |
Source: | String found in binary or memory: | memstr_28172fcc-0 | |
Source: | String found in binary or memory: | memstr_ba0941d7-e |
Source: | COM Object queried: |
Source: | Process Stats: |
Source: | Code function: | 0_2_006BD5EB |
Source: | Code function: | 0_2_006B1201 |
Source: | Code function: | 0_2_006BE8F6 | |
Source: | Code function: | 2_2_0008E8F6 |
Source: | Code function: | 0_2_00658060 | |
Source: | Code function: | 0_2_006C2046 | |
Source: | Code function: | 0_2_006B8298 | |
Source: | Code function: | 0_2_0068E4FF | |
Source: | Code function: | 0_2_0068676B | |
Source: | Code function: | 0_2_006E4873 | |
Source: | Code function: | 0_2_0065CAF0 | |
Source: | Code function: | 0_2_0067CAA0 | |
Source: | Code function: | 0_2_0066CC39 | |
Source: | Code function: | 0_2_00686DD9 | |
Source: | Code function: | 0_2_0066D07D | |
Source: | Code function: | 0_2_0066B119 | |
Source: | Code function: | 0_2_006591C0 | |
Source: | Code function: | 0_2_00671394 | |
Source: | Code function: | 0_2_00671706 | |
Source: | Code function: | 0_2_0067781B | |
Source: | Code function: | 0_2_0066997D | |
Source: | Code function: | 0_2_00657920 | |
Source: | Code function: | 0_2_006719B0 | |
Source: | Code function: | 0_2_00677A4A | |
Source: | Code function: | 0_2_00671C77 | |
Source: | Code function: | 0_2_00677CA7 | |
Source: | Code function: | 0_2_006DBE44 | |
Source: | Code function: | 0_2_00689EEE | |
Source: | Code function: | 0_2_0065BF40 | |
Source: | Code function: | 0_2_00671F32 | |
Source: | Code function: | 0_2_00603640 | |
Source: | Code function: | 2_2_00092046 | |
Source: | Code function: | 2_2_00028060 | |
Source: | Code function: | 2_2_00088298 | |
Source: | Code function: | 2_2_0005E4FF | |
Source: | Code function: | 2_2_0005676B | |
Source: | Code function: | 2_2_000B4873 | |
Source: | Code function: | 2_2_0004CAA0 | |
Source: | Code function: | 2_2_0002CAF0 | |
Source: | Code function: | 2_2_0003CC39 | |
Source: | Code function: | 2_2_00056DD9 | |
Source: | Code function: | 2_2_0003B119 | |
Source: | Code function: | 2_2_000291C0 | |
Source: | Code function: | 2_2_00041394 | |
Source: | Code function: | 2_2_00041706 | |
Source: | Code function: | 2_2_0004781B | |
Source: | Code function: | 2_2_00027920 | |
Source: | Code function: | 2_2_0003997D | |
Source: | Code function: | 2_2_000419B0 | |
Source: | Code function: | 2_2_00047A4A | |
Source: | Code function: | 2_2_00041C77 | |
Source: | Code function: | 2_2_00047CA7 | |
Source: | Code function: | 2_2_00073CD2 | |
Source: | Code function: | 2_2_000ABE44 | |
Source: | Code function: | 2_2_00059EEE | |
Source: | Code function: | 2_2_00041F32 | |
Source: | Code function: | 2_2_04043640 | |
Source: | Code function: | 4_2_023C3640 | |
Source: | Code function: | 5_2_00408C60 | |
Source: | Code function: | 5_2_0040DC11 | |
Source: | Code function: | 5_2_00407C3F | |
Source: | Code function: | 5_2_00418CCC | |
Source: | Code function: | 5_2_00406CA0 | |
Source: | Code function: | 5_2_004028B0 | |
Source: | Code function: | 5_2_0041A4BE | |
Source: | Code function: | 5_2_00418244 | |
Source: | Code function: | 5_2_00401650 | |
Source: | Code function: | 5_2_00402F20 | |
Source: | Code function: | 5_2_004193C4 | |
Source: | Code function: | 5_2_00418788 | |
Source: | Code function: | 5_2_00402F89 | |
Source: | Code function: | 5_2_00402B90 | |
Source: | Code function: | 5_2_004073A0 | |
Source: | Code function: | 5_2_02CACF60 | |
Source: | Code function: | 5_2_02CACC18 | |
Source: | Code function: | 5_2_02CAD830 | |
Source: | Code function: | 5_2_02CA1025 | |
Source: | Code function: | 5_2_02CA1030 | |
Source: | Code function: | 5_2_065E43C8 | |
Source: | Code function: | 5_2_065E06B8 | |
Source: | Code function: | 5_2_065E0040 | |
Source: | Code function: | 5_2_065E7970 | |
Source: | Code function: | 5_2_06D19F3C | |
Source: | Code function: | 5_2_06D187E0 | |
Source: | Code function: | 5_2_06D1C7B0 | |
Source: | Code function: | 7_2_03AF3640 | |
Source: | Code function: | 9_2_02153640 | |
Source: | Code function: | 11_2_0113CEA8 | |
Source: | Code function: | 11_2_0113DAC0 | |
Source: | Code function: | 11_2_0113D1F0 | |
Source: | Code function: | 11_2_01131030 | |
Source: | Code function: | 11_2_067243B9 | |
Source: | Code function: | 11_2_067206B8 | |
Source: | Code function: | 11_2_06727570 | |
Source: | Code function: | 11_2_06720040 | |
Source: | Code function: | 11_2_06E79FAC | |
Source: | Code function: | 11_2_06E78850 |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Code function: | 0_2_006C37B5 |
Source: | Code function: | 0_2_006B10BF | |
Source: | Code function: | 0_2_006B16C3 | |
Source: | Code function: | 2_2_000810BF | |
Source: | Code function: | 2_2_000816C3 |
Source: | Code function: | 0_2_006C51CD |
Source: | Code function: | 0_2_006DA67C |
Source: | Code function: | 0_2_006C648E |
Source: | Code function: | 0_2_006542A2 |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Process created: |
Source: | Static PE information: |
Source: | WMI Queries: |
Source: | File read: |
Source: | Key opened: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | File read: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Key opened: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | Code function: | 0_2_006542DE |
Source: | Code function: | 0_2_00670A89 | |
Source: | Code function: | 2_2_00040A89 | |
Source: | Code function: | 5_2_0041C4E2 | |
Source: | Code function: | 5_2_00423179 | |
Source: | Code function: | 5_2_0041C4E2 | |
Source: | Code function: | 5_2_00423179 | |
Source: | Code function: | 5_2_0040E230 | |
Source: | Code function: | 5_2_0041C6BF | |
Source: | Code function: | 5_2_02CA47A7 | |
Source: | Code function: | 5_2_065EDDED | |
Source: | Code function: | 11_2_011347A7 | |
Source: | Code function: | 11_2_0672DDFD | |
Source: | Code function: | 11_2_06E74340 |
Source: | High entropy of concatenated method names: |
Persistence and Installation Behavior |
---|
Source: | File created: |
Boot Survival |
---|
Source: | File created: |
Source: | Code function: | 0_2_0066F98E | |
Source: | Code function: | 0_2_006E1C41 | |
Source: | Code function: | 2_2_0003F98E | |
Source: | Code function: | 2_2_000B1C41 |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | Sandbox detection routine: | graph_0-96367 |
Source: | Sandbox detection routine: |
Source: | WMI Queries: |
Source: | API/Special instruction interceptor: |
Source: | Code function: | 5_2_004019F0 |
Source: | Code function: | 11_2_06728CD7 |
Source: | Thread delayed: |
Source: | Window found: |
Source: | Window / User API: |
Source: | API coverage: |
Source: | WMI Queries: |
Source: | Code function: | 0_2_006BDBBE | |
Source: | Code function: | 0_2_0068C2A2 | |
Source: | Code function: | 0_2_006C68EE | |
Source: | Code function: | 0_2_006C698F | |
Source: | Code function: | 0_2_006BD076 | |
Source: | Code function: | 0_2_006BD3A9 | |
Source: | Code function: | 0_2_006C9642 | |
Source: | Code function: | 0_2_006C979D | |
Source: | Code function: | 0_2_006C9B2B | |
Source: | Code function: | 0_2_006C5C97 | |
Source: | Code function: | 2_2_0008DBBE | |
Source: | Code function: | 2_2_0005C2A2 | |
Source: | Code function: | 2_2_000968EE | |
Source: | Code function: | 2_2_0009698F | |
Source: | Code function: | 2_2_0008D076 | |
Source: | Code function: | 2_2_0008D3A9 | |
Source: | Code function: | 2_2_00099642 | |
Source: | Code function: | 2_2_0009979D | |
Source: | Code function: | 2_2_00099B2B | |
Source: | Code function: | 2_2_00095C97 |
Source: | Code function: | 0_2_006542DE |
Source: | Thread delayed: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: |
Source: | Code function: | 0_2_006CEAA2 |
Source: | Code function: | 0_2_00682622 |
Source: | Code function: | 5_2_004019F0 |
Source: | Code function: | 0_2_006542DE |
Source: | Code function: | 0_2_00674CE8 | |
Source: | Code function: | 0_2_006034D0 | |
Source: | Code function: | 0_2_00603530 | |
Source: | Code function: | 0_2_00601E80 | |
Source: | Code function: | 2_2_00044CE8 | |
Source: | Code function: | 2_2_040434D0 | |
Source: | Code function: | 2_2_04043530 | |
Source: | Code function: | 2_2_04041E80 | |
Source: | Code function: | 4_2_023C3530 | |
Source: | Code function: | 4_2_023C1E80 | |
Source: | Code function: | 4_2_023C34D0 | |
Source: | Code function: | 7_2_03AF3530 | |
Source: | Code function: | 7_2_03AF1E80 | |
Source: | Code function: | 7_2_03AF34D0 | |
Source: | Code function: | 9_2_02151E80 | |
Source: | Code function: | 9_2_02153530 | |
Source: | Code function: | 9_2_021534D0 |
Source: | Code function: | 0_2_006B0B62 |
Source: | Code function: | 0_2_00682622 | |
Source: | Code function: | 0_2_0067083F | |
Source: | Code function: | 0_2_006709D5 | |
Source: | Code function: | 0_2_00670C21 | |
Source: | Code function: | 2_2_00052622 | |
Source: | Code function: | 2_2_0004083F | |
Source: | Code function: | 2_2_000409D5 | |
Source: | Code function: | 2_2_00040C21 | |
Source: | Code function: | 5_2_0040CE09 | |
Source: | Code function: | 5_2_0040E61C | |
Source: | Code function: | 5_2_00416F6A | |
Source: | Code function: | 5_2_004123F1 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Stealing of Sensitive Information |
---|
Remote Access Functionality |
---|
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 111 Scripting | 2 Valid Accounts | 121 Windows Management Instrumentation | 111 Scripting | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 321 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 2 Valid Accounts | 2 Valid Accounts | 2 Obfuscated Files or Information | 1 Credentials in Registry | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 Software Packing | NTDS | 148 System Information Discovery | Distributed Component Object Model | 321 Input Capture | 1 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 1 DLL Side-Loading | LSA Secrets | 441 Security Software Discovery | SSH | 3 Clipboard Data | 11 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 11 Masquerading | Cached Domain Credentials | 231 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 231 Virtualization/Sandbox Evasion | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 212 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 32% | Virustotal | | Browse |
| 50% | ReversingLabs | Win32.Trojan.Strab | |
| 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | Joe Sandbox ML | | |
| 50% | ReversingLabs | Win32.Trojan.Strab | |
| 32% | Virustotal | | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 9% | Virustotal | | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 9% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
zqamcx.com | 78.110.166.82 | true | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | true | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
78.110.166.82 | zqamcx.com | United Kingdom | | 42831 | UKSERVERS-ASUKDedicatedServersHostingandCo-Location | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1482859 |
Start date and time: | 2024-07-26 09:27:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 11m 26s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | hesaphareketi-01.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.expl.evad.winEXE@18/14@1/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
03:28:20 | API Interceptor | |
09:28:20 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
78.110.166.82 | | Get hash | malicious | CobaltStrike | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
zqamcx.com | | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | Get hash | malicious | AgentTesla, Clipboard Hijacker, PureLog Stealer | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
UKSERVERS-ASUKDedicatedServersHostingandCo-Location | | Get hash | malicious | Remcos | Browse | |
| | Get hash | malicious | Remcos | Browse | |
| | Get hash | malicious | Remcos | Browse | |
| | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | Get hash | malicious | Mirai, Moobot | Browse | |
| | Get hash | malicious | AgentTesla, Clipboard Hijacker, PureLog Stealer | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | Mirai | Browse | |
Process: | C:\Users\user\Desktop\hesaphareketi-01.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 271028 |
Entropy (8bit): | 7.972121533056188 |
Encrypted: | false |
SSDEEP: | 6144:KXfOMObGwoMRCqocPWiQo24gg+0MzUpYTjidyVHgahN6:6gbDLocPQovgqMwpAjlvv6 |
MD5: | A9229F9D21D17C051B3EEA5B89969A07 |
SHA1: | B3CFCF45E826205AB09BC9055E5DC8F78C041CFF |
SHA-256: | 3C20F4BD5A87A6956456DD5BD1DDE2585F36ECFF2E0E8476D08C804570CDBE0A |
SHA-512: | 728208CA648B331B7094DBD64C6A7E571EB3065D6D68DA37E7773ADC53BDDA92D6AAF38CBC5AC8E59D7B268532BF6A451A0CEF706FB7A9DD59A12664A79D680B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\hesaphareketi-01.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9768 |
Entropy (8bit): | 7.633561594584427 |
Encrypted: | false |
SSDEEP: | 192:Z1RBeYBwiJj/oGSU8lsMkvEfMtf9eTaiP:ZrBrBB3zssMksfMXabP |
MD5: | F02D481604F758EBF235BEF743CA83CC |
SHA1: | 7AF6BD58362953DB03F5E7901FA65A05A96BF2CC |
SHA-256: | C9E43F8F52791E353899EA8A7485A8DBEDDDE9CF5222FDD143600AC950282C42 |
SHA-512: | 2BB8A55F53F08F54CE58907E99093290E26044290D36D0536D529056286ED629B0EB8E9F60383B43058F640B99E53085F1FEA57BA13DACAB2EAED09AD6D0288D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 271028 |
Entropy (8bit): | 7.972121533056188 |
Encrypted: | false |
SSDEEP: | 6144:KXfOMObGwoMRCqocPWiQo24gg+0MzUpYTjidyVHgahN6:6gbDLocPQovgqMwpAjlvv6 |
MD5: | A9229F9D21D17C051B3EEA5B89969A07 |
SHA1: | B3CFCF45E826205AB09BC9055E5DC8F78C041CFF |
SHA-256: | 3C20F4BD5A87A6956456DD5BD1DDE2585F36ECFF2E0E8476D08C804570CDBE0A |
SHA-512: | 728208CA648B331B7094DBD64C6A7E571EB3065D6D68DA37E7773ADC53BDDA92D6AAF38CBC5AC8E59D7B268532BF6A451A0CEF706FB7A9DD59A12664A79D680B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9768 |
Entropy (8bit): | 7.633561594584427 |
Encrypted: | false |
SSDEEP: | 192:Z1RBeYBwiJj/oGSU8lsMkvEfMtf9eTaiP:ZrBrBB3zssMksfMXabP |
MD5: | F02D481604F758EBF235BEF743CA83CC |
SHA1: | 7AF6BD58362953DB03F5E7901FA65A05A96BF2CC |
SHA-256: | C9E43F8F52791E353899EA8A7485A8DBEDDDE9CF5222FDD143600AC950282C42 |
SHA-512: | 2BB8A55F53F08F54CE58907E99093290E26044290D36D0536D529056286ED629B0EB8E9F60383B43058F640B99E53085F1FEA57BA13DACAB2EAED09AD6D0288D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 271028 |
Entropy (8bit): | 7.972121533056188 |
Encrypted: | false |
SSDEEP: | 6144:KXfOMObGwoMRCqocPWiQo24gg+0MzUpYTjidyVHgahN6:6gbDLocPQovgqMwpAjlvv6 |
MD5: | A9229F9D21D17C051B3EEA5B89969A07 |
SHA1: | B3CFCF45E826205AB09BC9055E5DC8F78C041CFF |
SHA-256: | 3C20F4BD5A87A6956456DD5BD1DDE2585F36ECFF2E0E8476D08C804570CDBE0A |
SHA-512: | 728208CA648B331B7094DBD64C6A7E571EB3065D6D68DA37E7773ADC53BDDA92D6AAF38CBC5AC8E59D7B268532BF6A451A0CEF706FB7A9DD59A12664A79D680B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9768 |
Entropy (8bit): | 7.633561594584427 |
Encrypted: | false |
SSDEEP: | 192:Z1RBeYBwiJj/oGSU8lsMkvEfMtf9eTaiP:ZrBrBB3zssMksfMXabP |
MD5: | F02D481604F758EBF235BEF743CA83CC |
SHA1: | 7AF6BD58362953DB03F5E7901FA65A05A96BF2CC |
SHA-256: | C9E43F8F52791E353899EA8A7485A8DBEDDDE9CF5222FDD143600AC950282C42 |
SHA-512: | 2BB8A55F53F08F54CE58907E99093290E26044290D36D0536D529056286ED629B0EB8E9F60383B43058F640B99E53085F1FEA57BA13DACAB2EAED09AD6D0288D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 271028 |
Entropy (8bit): | 7.972121533056188 |
Encrypted: | false |
SSDEEP: | 6144:KXfOMObGwoMRCqocPWiQo24gg+0MzUpYTjidyVHgahN6:6gbDLocPQovgqMwpAjlvv6 |
MD5: | A9229F9D21D17C051B3EEA5B89969A07 |
SHA1: | B3CFCF45E826205AB09BC9055E5DC8F78C041CFF |
SHA-256: | 3C20F4BD5A87A6956456DD5BD1DDE2585F36ECFF2E0E8476D08C804570CDBE0A |
SHA-512: | 728208CA648B331B7094DBD64C6A7E571EB3065D6D68DA37E7773ADC53BDDA92D6AAF38CBC5AC8E59D7B268532BF6A451A0CEF706FB7A9DD59A12664A79D680B |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9768 |
Entropy (8bit): | 7.633561594584427 |
Encrypted: | false |
SSDEEP: | 192:Z1RBeYBwiJj/oGSU8lsMkvEfMtf9eTaiP:ZrBrBB3zssMksfMXabP |
MD5: | F02D481604F758EBF235BEF743CA83CC |
SHA1: | 7AF6BD58362953DB03F5E7901FA65A05A96BF2CC |
SHA-256: | C9E43F8F52791E353899EA8A7485A8DBEDDDE9CF5222FDD143600AC950282C42 |
SHA-512: | 2BB8A55F53F08F54CE58907E99093290E26044290D36D0536D529056286ED629B0EB8E9F60383B43058F640B99E53085F1FEA57BA13DACAB2EAED09AD6D0288D |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 271028 |
Entropy (8bit): | 7.972121533056188 |
Encrypted: | false |
SSDEEP: | 6144:KXfOMObGwoMRCqocPWiQo24gg+0MzUpYTjidyVHgahN6:6gbDLocPQovgqMwpAjlvv6 |
MD5: | A9229F9D21D17C051B3EEA5B89969A07 |
SHA1: | B3CFCF45E826205AB09BC9055E5DC8F78C041CFF |
SHA-256: | 3C20F4BD5A87A6956456DD5BD1DDE2585F36ECFF2E0E8476D08C804570CDBE0A |
SHA-512: | 728208CA648B331B7094DBD64C6A7E571EB3065D6D68DA37E7773ADC53BDDA92D6AAF38CBC5AC8E59D7B268532BF6A451A0CEF706FB7A9DD59A12664A79D680B |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\directory\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9768 |
Entropy (8bit): | 7.633561594584427 |
Encrypted: | false |
SSDEEP: | 192:Z1RBeYBwiJj/oGSU8lsMkvEfMtf9eTaiP:ZrBrBB3zssMksfMXabP |
MD5: | F02D481604F758EBF235BEF743CA83CC |
SHA1: | 7AF6BD58362953DB03F5E7901FA65A05A96BF2CC |
SHA-256: | C9E43F8F52791E353899EA8A7485A8DBEDDDE9CF5222FDD143600AC950282C42 |
SHA-512: | 2BB8A55F53F08F54CE58907E99093290E26044290D36D0536D529056286ED629B0EB8E9F60383B43058F640B99E53085F1FEA57BA13DACAB2EAED09AD6D0288D |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\hesaphareketi-01.exe |
File Type: | |
Category: | modified |
Size (bytes): | 28674 |
Entropy (8bit): | 3.584062032869899 |
Encrypted: | false |
SSDEEP: | 768:Jx7TYScFCo3T3iCyv/3bntWUl+nU+nokU/WsX2HzZmL5sCWi:zTYScFCo3T3izv/3bntWUl+nU+nokU/3 |
MD5: | 5E6859127C5512B93D242E69968504F2 |
SHA1: | 60F72690BCFB2D2D0ABCAB606B7DC6DF16976F26 |
SHA-256: | 02719B524B7AD3A5EE7D5812B3165CBDCCE3F33463F75FD4282074549914B443 |
SHA-512: | 77DA1BA3121320240112CCC3C1A56535E010BC59113F19DA9655074D7A32798644EF6F432F8445CAB5D56D59C3FDC949B17C2BCEE229542910634F1A778917B3 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\hesaphareketi-01.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 7.897606562107969 |
Encrypted: | false |
SSDEEP: | 6144:p+Iau1x7/hNejrv53SVriRuBCR536CbnAoSPOz:EIaW7/hWv6rVCT9nAFmz |
MD5: | 53CB22F6455800A3BA89DAD4E91D8AB7 |
SHA1: | 7C15E05820248E34C0F339ADF7FD4D0065CDA14E |
SHA-256: | C3BF329A7A6D009DDE75BFDEE126473A9E498CE8246C7196717465CC90D243EA |
SHA-512: | 50B93D0292C5CA0D4BB976CBCB1713D0D4BCCEB5EB0DE5B9487A826CCB018082729C3C3CF87FA634699E7E03EE2F8CFDD977D774248FFDAF11F37B2C066A3B14 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\hesaphareketi-01.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1426944 |
Entropy (8bit): | 6.829592279872502 |
Encrypted: | false |
SSDEEP: | 24576:1qDEvCTbMWu7rQYlBQcBiT6rprG8aGM8k0V0F0t0Kta4Plh3:1TvC/MTQYxsWR7aGM8Nt0aXd |
MD5: | 7CCB3C07BF2918BBCAD959E27E17F083 |
SHA1: | 978F8C090DA4173CDF2544B38B5E53AA6FC2FAB7 |
SHA-256: | E7413D14BE16F0EF9D69AB606B79523851EDCE48DDB94D335388F6EF10BB6388 |
SHA-512: | 22D2552EB839A9643CD939ACF70501B91A933B44C29FDA7CCFC1BF5C3B1DA44229E87DCA3177424C23D30B61F76CEAD0DCD2C25BCED77CC141A5EBD6F29C56CC |
Malicious: | true |
Antivirus: | |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.vbs (malicious)
Process: | C:\Users\user\AppData\Local\directory\svchost.exe |
File Type: | |
Category: | modified |
Size (bytes): | 282 |
Entropy (8bit): | 3.437698893198017 |
Encrypted: | false |
SSDEEP: | 6:DMM8lfm3OOQdUfclMMlW8g1UEZ+lX1Al1AX66AnriIM8lfQVn:DsO+vNlMkXg1Q1A1XmA2n |
MD5: | 3E75EF1E90D835BDAB3F3E041F6034A6 |
SHA1: | 13796973D29CB3698B652246951DB9A1F289D6D7 |
SHA-256: | 6915EBB0F1B6877CA9563CAF5B99057049869CDD7E86906DFAE4F848FD3F7CE0 |
SHA-512: | 78A4982BFC1319F632A435055B269B00232AD419F4C3E8B975A533BC1B60746925514EB019048130559D9C63028B9DB904FDC9447EF38A5719040AE774C98F21 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 6.829592279872502 |
TrID: | |
File name: | hesaphareketi-01.exe |
File size: | 1'426'944 bytes |
MD5: | 7ccb3c07bf2918bbcad959e27e17f083 |
SHA1: | 978f8c090da4173cdf2544b38b5e53aa6fc2fab7 |
SHA256: | e7413d14be16f0ef9d69ab606b79523851edce48ddb94d335388f6ef10bb6388 |
SHA512: | 22d2552eb839a9643cd939acf70501b91a933b44c29fda7ccfc1bf5c3b1da44229e87dca3177424c23d30b61f76cead0dcd2c25bced77cc141a5ebd6f29c56cc |
SSDEEP: | 24576:1qDEvCTbMWu7rQYlBQcBiT6rprG8aGM8k0V0F0t0Kta4Plh3:1TvC/MTQYxsWR7aGM8Nt0aXd |
TLSH: | 6265C0033381D066FF9B92334B6AE6554B7C6D2A4133B91F139C397ABA70172163E663 |
File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z.... |
Icon Hash: | 98e2a3b29b9ba181 |
Entrypoint: | 0x420577 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66A2EA7D [Fri Jul 26 00:14:53 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 948cc502fe9226992dce9417f952fce3 |
Instruction |
---|
call 00007F82707D5663h |
jmp 00007F82707D4F6Fh |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F82707D514Dh |
mov dword ptr [esi], 0049FDF0h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FDF8h |
mov dword ptr [ecx], 0049FDF0h |
ret |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F82707D511Ah |
mov dword ptr [esi], 0049FE0Ch |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FE14h |
mov dword ptr [ecx], 0049FE0Ch |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
and dword ptr [eax], 00000000h |
and dword ptr [eax+04h], 00000000h |
push eax |
mov eax, dword ptr [ebp+08h] |
add eax, 04h |
push eax |
call 00007F82707D7D0Dh |
pop ecx |
pop ecx |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
lea eax, dword ptr [ecx+04h] |
mov dword ptr [ecx], 0049FDD0h |
push eax |
call 00007F82707D7D58h |
pop ecx |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
push eax |
call 00007F82707D7D41h |
test byte ptr [ebp+08h], 00000001h |
pop ecx |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x85b44 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x15a000 | 0x7594 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xd4000 | 0x85b44 | 0x85c00 | d68db13276159e121ce8bb6774bf1ca6 | False | 0.6537364924065421 | data | 6.625245820154727 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x15a000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xd4458 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xd4580 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xd46a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xd47d0 | 0x33428 | Device independent bitmap graphic, 198 x 512 x 32, image size 202752, resolution 7874 x 7874 px/m | English | Great Britain | 0.13495903981710802 |
RT_MENU | 0x107bf8 | 0x50 | data | English | Great Britain | 0.9 |
RT_STRING | 0x107c48 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
RT_STRING | 0x1081dc | 0x68a | data | English | Great Britain | 0.2735961768219833 |
RT_STRING | 0x108868 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
RT_STRING | 0x108cf8 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0x1092f4 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0x109950 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
RT_STRING | 0x109db8 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
RT_RCDATA | 0x109f10 | 0x4f716 | data | | | 1.000325754921665 |
RT_GROUP_ICON | 0x159628 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0x15963c | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0x159650 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0x159664 | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0x159678 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
RT_MANIFEST | 0x159754 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
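Reading the two tables above together: ZLIB Complexity is the ratio of zlib-compressed size to raw size (the 1.25 on the 20-byte RT_GROUP_ICON entries is zlib's framing overhead exceeding the payload), so the 0x4f716-byte RT_RCDATA at 1.0003 is a blob zlib could not shrink at all, i.e. already compressed or encrypted. It is what lifts .rsrc to 6.63 bits/byte despite the 0x33428-byte icon at 0.13 diluting the average, and it is the resource to carve out first. The File Type column is a content-sniffing guess on raw section bytes; the "DOS executable (block device driver)" label on .data is that guesser matching a handful of bytes in a 0x4800-byte data section, not a second executable. The following is an added example, not Joe Sandbox code: it parses the section headers of a PE held in memory and recomputes entropy and zlib complexity per section. The PE it builds is constructed for the example (only the fields the parser reads are meaningful), and the 0.98 "packed" threshold is an assumption.

```python
"""Section triage: Shannon entropy and zlib complexity per PE section.

Added example, not Joe Sandbox code. parse_sections() walks the real
IMAGE_SECTION_HEADER layout; build_sample_pe() fabricates a minimal PE32 so the
block runs offline.
  entropy - bits per byte, 8.0 means indistinguishable from random
  zlib    - len(zlib.compress(raw)) / len(raw); >= 1.0 means incompressible
"""
import hashlib
import math
import struct
import zlib

PACKED_RATIO = 0.98  # assumption: ordinary code and data compress well below this


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def zlib_complexity(data: bytes) -> float:
    return len(zlib.compress(data, 9)) / len(data) if data else 0.0


def parse_sections(pe: bytes):
    """Yield (name, virtual_address, virtual_size, raw_size, raw_pointer) per section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                          # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size                 # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        yield name, vaddr, vsize, raw_size, raw_ptr


def triage(pe: bytes, packed_ratio: float = PACKED_RATIO):
    rows = []
    for name, vaddr, vsize, raw_size, raw_ptr in parse_sections(pe):
        raw = pe[raw_ptr:raw_ptr + raw_size]
        ratio = zlib_complexity(raw)
        rows.append({"name": name, "vaddr": vaddr, "vsize": vsize, "raw_size": raw_size,
                     "entropy": shannon_entropy(raw), "zlib": ratio,
                     "packed": ratio >= packed_ratio})
    return rows


def build_sample_pe() -> bytes:
    """Constructed PE32: a repetitive .text and an incompressible .rsrc."""
    text = b"\x55\x8b\xec" * 300 + b"\xc3"       # push ebp; mov ebp,esp ... ret
    text += b"\0" * (-len(text) % 512)           # pad to 512-byte file alignment
    blob, state = b"", b"constructed-sample"     # sha256 chain: deterministic noise
    while len(blob) < 4096:
        state = hashlib.sha256(state).digest()
        blob += state
    opt_size = 0xE0                              # PE32 optional header size
    hdr_len = -(-(0x40 + 4 + 20 + opt_size + 2 * 40) // 512) * 512
    text_ptr, rsrc_ptr = hdr_len, hdr_len + len(text)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)      # PE32 magic only
    hdr = struct.Struct("<8sIIIIIIHHI")
    secs = hdr.pack(b".text", len(text), 0x1000, len(text), text_ptr, 0, 0, 0, 0, 0x60000020)
    secs += hdr.pack(b".rsrc", len(blob), 0x2000, len(blob), rsrc_ptr, 0, 0, 0, 0, 0x40000040)
    headers = dos + b"PE\0\0" + coff + opt + secs
    return headers + b"\0" * (hdr_len - len(headers)) + text + blob


if __name__ == "__main__":
    for row in triage(build_sample_pe()):
        print(f"{row['name']:<8} entropy={row['entropy']:.3f} "
              f"zlib={row['zlib']:.4f} packed={row['packed']}")
```

Run it against the real sample by replacing build_sample_pe() with the file bytes; to reproduce the per-resource column, apply the same two functions to each entry of the resource directory instead of to whole sections.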
DLL | Import |
---|---|
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
PSAPI.DLL | GetProcessMemoryInfo |
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
UxTheme.dll | IsThemeActive |
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |
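Two caveats before reading capabilities off this import table. First, the IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR entry is 0x0 and the CLR (.Net) Version field is blank, so this file is native code; Agent Tesla itself is .NET, so whatever is tagged here describes the outer loader, not the stealer that ends up running. Second, the breadth of the table (mciSendStringW, BlockInput, SetVolumeLabelW, Beep, InitiateSystemShutdownExW, IcmpSendEcho, SHEmptyRecycleBinW, WNetUseConnectionW alongside OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateProcessW and ResumeThread) is the API surface of a general-purpose script runtime rather than a hand-written loader; read together with the incompressible RT_RCDATA above, it is consistent with a compiled AutoIt script carrying an encrypted payload, which is this editor's assessment, not a field of the report (Programming Language is empty). The block below is an added example, not Joe Sandbox code: it builds the string pefile hashes for the Import Hash field and tags capability clusters. SAMPLE_IMPORTS is a hand-picked excerpt of the table, kept in report order; the capability groups and the two-hit threshold are the example's own heuristics. The hash of an excerpt cannot match 948cc502fe9226992dce9417f952fce3, because imphash covers every import in on-disk order, and pefile additionally resolves well-known ordinals (ws2_32, oleaut32) through a lookup table omitted here.

```python
"""Import-table triage: pefile-style imphash input and capability tags.

Added example, not Joe Sandbox code. Capability groups and MIN_HITS are this
example's heuristics; unknown ordinals are rendered as 'ordN' like pefile does,
but pefile's ordinal-to-name table for ws2_32/oleaut32 is not reproduced.
"""
import hashlib

MIN_HITS = 2  # assumption: one API from a group is noise, two or more is signal

CAPABILITIES = {
    "process-injection": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                          "ReadProcessMemory", "CreateRemoteThread", "ResumeThread"},
    "keylogging": {"GetAsyncKeyState", "GetKeyboardState", "GetKeyState",
                   "SetWindowsHookExW", "GetKeyboardLayoutNameW"},
    "clipboard": {"OpenClipboard", "GetClipboardData", "SetClipboardData"},
    "screen-capture": {"GetDIBits", "CreateCompatibleBitmap", "StretchBlt", "BitBlt",
                       "CreateDCW"},
    "anti-debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "OutputDebugStringW"},
    "raw-network": {"WSAStartup", "socket", "connect", "send", "recv", "gethostbyname"},
    "token-manipulation": {"AdjustTokenPrivileges", "OpenProcessToken", "DuplicateTokenEx",
                           "CreateProcessAsUserW", "CreateProcessWithLogonW", "LogonUserW"},
    "registry-write": {"RegSetValueExW", "RegCreateKeyExW", "RegDeleteValueW"},
}

SAMPLE_IMPORTS = {  # excerpt of the table above, in report order; ints = ordinal imports
    "WSOCK32.dll": ["gethostbyname", "recv", "send", "socket", "WSAStartup", "connect"],
    "KERNEL32.dll": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                     "ReadProcessMemory", "IsDebuggerPresent", "OutputDebugStringW",
                     "CreateProcessW", "ResumeThread"],
    "USER32.dll": ["GetAsyncKeyState", "GetKeyboardState", "GetKeyState", "OpenClipboard",
                   "GetClipboardData", "SetClipboardData", "BlockInput"],
    "GDI32.dll": ["GetDIBits", "CreateCompatibleBitmap", "StretchBlt", "CreateDCW"],
    "ADVAPI32.dll": ["AdjustTokenPrivileges", "OpenProcessToken", "DuplicateTokenEx",
                     "CreateProcessAsUserW", "RegSetValueExW"],
}


def normalize_imports(imports: dict) -> str:
    """Build the string pefile hashes: 'module.func' per import, lowercased, in
    table order, with a trailing .dll/.ocx/.sys stripped from the module name."""
    parts = []
    for dll, funcs in imports.items():
        module = dll.lower()
        stem, dot, ext = module.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            module = stem
        for func in funcs:
            label = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{module}.{label}")
    return ",".join(parts)


def imphash(imports: dict) -> str:
    return hashlib.md5(normalize_imports(imports).encode("ascii")).hexdigest()


def tag_capabilities(imports: dict, min_hits: int = MIN_HITS) -> dict:
    """Map capability -> sorted list of imported APIs supporting it (>= min_hits)."""
    seen = {f for funcs in imports.values() for f in funcs if isinstance(f, str)}
    return {cap: sorted(apis & seen) for cap, apis in CAPABILITIES.items()
            if len(apis & seen) >= min_hits}


if __name__ == "__main__":
    print("imphash(excerpt) =", imphash(SAMPLE_IMPORTS))
    for cap, apis in tag_capabilities(SAMPLE_IMPORTS).items():
        print(f"{cap:<20} {', '.join(apis)}")
```

On the excerpt, registry-write stays untagged because only RegSetValueExW is present, which is the threshold doing its job; on the full table RegCreateKeyExW and RegDeleteValueW are also imported and the group would fire.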
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain |
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
2024-07-26T09:28:35.751015+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49709 | 20.114.59.183 | 192.168.2.7 |
2024-07-26T09:29:13.984243+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49716 | 20.114.59.183 | 192.168.2.7 |
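Both Suricata hits are SID 2022930 on a TCP/443 session from 20.114.59.183, and in both rows the source port is 443: the rule matched bytes the server sent back to the sandbox, on client ports 49709 and 49716 that do not appear in the packet list below. A content signature for a file-format parser matching server-side TLS data says nothing about what the sample transmitted, so it needs the pcap payload before it is treated as exploitation. The packet table that follows is the actual exfiltration channel to read: four short client sessions (49707, 49708, 49714, 49715) to 78.110.166.82 on TCP/587 (SMTP submission) within about twenty seconds, and 49715 reused again at 09:30:15. The table carries no byte counts or TCP flags, so message sizes also need the pcap. The block below is an added example, not Joe Sandbox code: it turns rows in the report's pipe layout into per-flow summaries and records the direction of each alert. SAMPLE_TCP and SAMPLE_ALERTS are excerpts copied from this page's two tables; the rule that the lower-numbered port is the service side, and the MAIL_PORTS set, are the example's assumptions.

```python
"""Per-flow summary of the packet table and a direction check on Suricata hits.

Added example, not Joe Sandbox code. Assumptions: the lower-numbered port of a
packet is the service side; MAIL_PORTS lists the ports treated as mail submission.
"""
from datetime import datetime

MAIL_PORTS = {25, 465, 587}

SAMPLE_TCP = """\
Jul 26, 2024 09:28:22.326683998 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:22.332300901 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:22.332410097 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:23.064399958 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:25.864212036 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:25.865269899 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:25.874227047 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:28.565367937 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
"""

SAMPLE_ALERTS = """\
2024-07-26T09:28:35.751015+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49709 | 20.114.59.183 | 192.168.2.7 |
2024-07-26T09:29:13.984243+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49716 | 20.114.59.183 | 192.168.2.7 |
"""


def split_row(line: str):
    """Split one pipe-delimited report row into stripped cells."""
    return [cell.strip() for cell in line.rstrip(" |").split(" | ")]


def parse_ts(text: str) -> datetime:
    """'Jul 26, 2024 09:28:22.326683998 CEST' -> naive datetime; nanoseconds are
    truncated to microseconds and the zone label dropped (every row shares it)."""
    stamp = text.rsplit(" ", 1)[0]
    head, frac = stamp.split(".")
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def summarize_flows(table: str):
    """Group packets into (client, server) flows with counts per direction."""
    flows = {}
    for line in table.strip().splitlines():
        ts, sport, dport, sip, dip = split_row(line)
        sport, dport, when = int(sport), int(dport), parse_ts(ts)
        if sport < dport:                        # service -> client packet
            key, direction = (dip, dport, sip, sport), "s2c"
        else:                                    # client -> service packet
            key, direction = (sip, sport, dip, dport), "c2s"
        flow = flows.setdefault(key, {"packets": 0, "c2s": 0, "s2c": 0,
                                      "first": when, "last": when})
        flow["packets"] += 1
        flow[direction] += 1
        flow["first"] = min(flow["first"], when)
        flow["last"] = max(flow["last"], when)
    return [{
        "client": f"{cip}:{cport}", "server": f"{sip}:{sport}",
        "packets": f["packets"], "c2s": f["c2s"], "s2c": f["s2c"],
        "duration_s": (f["last"] - f["first"]).total_seconds(),
        "mail_submission": sport in MAIL_PORTS,
    } for (cip, cport, sip, sport), f in flows.items()]


def parse_alerts(table: str):
    """Parse alert rows and note which side sent the bytes that matched."""
    alerts = []
    for line in table.strip().splitlines():
        ts, proto, sid, signature, sport, dport, sip, dip = split_row(line)
        sport, dport = int(sport), int(dport)
        alerts.append({
            "time": ts, "proto": proto, "sid": int(sid), "signature": signature,
            "src": f"{sip}:{sport}", "dst": f"{dip}:{dport}",
            # A match on service->client data says nothing about what the sample sent.
            "direction": "server_to_client" if sport < dport else "client_to_server",
        })
    return alerts


if __name__ == "__main__":
    for flow in summarize_flows(SAMPLE_TCP):
        print(flow)
    for alert in parse_alerts(SAMPLE_ALERTS):
        print(alert["sid"], alert["direction"], alert["src"], "->", alert["dst"])
```

Feeding the whole packet table to summarize_flows() gives one row per client port, which is the quickest way to count SMTP sessions and their spacing; a mail_submission flow initiated by a process that is not a mail client is the detection to carry into the SOC.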
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 26, 2024 09:28:22.326683998 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:22.332300901 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:22.332410097 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:23.064399958 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:23.065337896 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:23.070302963 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:23.232450962 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:23.235796928 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:23.241972923 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:23.408287048 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:23.419652939 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:23.425196886 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:23.594178915 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:23.594234943 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:23.594245911 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:23.594378948 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:23.644068956 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:23.648889065 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:23.815005064 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:23.832745075 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:23.837789059 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:24.001095057 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:24.002338886 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:24.007359982 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:24.173393965 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:24.174701929 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:24.183026075 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:24.652523041 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:24.652853012 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:24.658832073 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:24.835227966 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:24.835635900 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:24.848756075 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:25.026390076 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:25.026649952 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:25.031539917 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:25.193887949 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:25.194763899 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:25.194830894 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:25.194854975 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:25.194890022 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:25.199763060 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:25.199775934 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:25.199788094 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:25.199800014 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:25.479321003 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:25.534137964 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:25.671852112 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:25.684897900 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:25.850708008 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:25.864212036 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:25.865269899 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:25.874227047 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:25.874339104 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:26.456748962 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:26.456896067 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:26.461667061 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:26.638889074 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:26.639131069 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:26.646224022 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:26.814392090 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:26.815232992 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:26.820713043 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:26.995887041 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:26.995912075 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:26.995938063 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:26.996001005 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:26.997891903 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:27.005470037 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:27.171631098 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:27.172945976 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:27.178961039 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:27.344738960 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:27.345050097 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:27.350048065 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:27.515414953 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:27.515711069 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:27.520654917 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:27.694652081 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:27.694977999 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:27.700968027 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:27.865314960 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:27.868724108 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:27.875298977 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:28.069890022 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:28.070120096 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:28.075046062 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:28.240107059 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:28.241499901 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:28.241574049 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:28.241607904 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:28.241658926 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:28.241719007 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:28.241755009 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:28.241795063 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:28.241822004 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:28.241877079 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:28.241877079 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:28.246608019 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:28.246622086 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:28.246634007 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:28.246860027 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:28.247209072 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:28.515594006 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:28.565367937 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:35.977798939 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:35.983103991 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:35.983202934 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:36.382132053 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:36.545331955 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:36.545618057 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:36.550595045 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:36.711930990 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:36.712272882 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:36.717232943 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:36.885413885 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:36.889549017 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:36.894649029 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:37.066459894 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:37.066503048 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:37.066514969 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:37.066625118 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:37.068392992 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:37.073250055 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:37.235311985 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:37.248517990 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:37.253540993 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:37.414742947 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:37.416074038 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:37.420952082 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:38.604008913 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:38.604367018 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:38.614924908 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:38.614950895 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:38.614965916 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:38.615001917 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:38.615001917 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:38.615024090 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:38.628684998 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:38.783353090 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:38.783828974 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:38.789468050 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:38.961935997 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:38.962605953 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:38.968837976 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:39.140575886 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:39.140847921 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:39.146239042 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:39.307365894 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:39.308281898 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:39.308382034 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:39.308382034 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:39.308478117 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:39.313189030 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:39.313298941 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:39.313309908 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:39.313477993 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:39.748722076 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:39.759049892 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:39.759109974 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:39.801134109 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:39.806114912 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:39.985371113 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:39.988991976 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:39.990001917 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:41.002911091 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:41.052902937 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:41.054137945 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:41.054543018 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:41.054560900 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:41.054606915 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:41.055668116 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:41.055695057 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:41.055764914 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:41.056694984 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:41.056740999 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:41.637592077 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:41.638025045 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:41.643014908 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:41.808615923 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:41.808943033 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:41.814172983 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:41.983532906 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:41.984235048 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:41.989192009 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:42.167578936 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:42.167598963 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:42.167610884 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:42.167757034 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:42.169497013 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:42.176677942 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:42.345566034 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:42.347265005 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:42.598113060 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:42.598257065 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:42.599334955 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:42.758769989 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:42.759320021 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:42.767287016 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:42.933788061 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:42.934281111 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:42.939779043 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:43.111854076 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:43.112170935 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:43.117052078 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:43.282543898 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:43.282812119 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:43.287714958 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:43.464205980 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:43.464545012 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:43.469433069 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:43.647098064 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:43.647692919 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:43.647799015 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:43.647799015 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:43.647830963 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:43.647880077 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:43.647911072 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:43.647967100 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:43.647995949 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:43.648021936 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:43.648056984 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:28:43.652885914 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:43.652899027 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:43.652908087 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:43.652918100 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:43.652926922 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:43.652935982 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:43.652945042 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:43.987673044 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:28:44.034339905 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:30:15.941087008 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Jul 26, 2024 09:30:15.946127892 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:30:16.114233971 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 |
Jul 26, 2024 09:30:16.115233898 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 26, 2024 09:28:22.232264042 CEST | 51021 | 53 | 192.168.2.7 | 1.1.1.1 |
Jul 26, 2024 09:28:22.318058968 CEST | 53 | 51021 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 26, 2024 09:28:22.232264042 CEST | 192.168.2.7 | 1.1.1.1 | 0x2e4b | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 26, 2024 09:28:22.318058968 CEST | 1.1.1.1 | 192.168.2.7 | 0x2e4b | No error (0) | 78.110.166.82 | A (IP address) | IN (0x0001) | false |
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Jul 26, 2024 09:28:23.064399958 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 | 220-cphost14.qhoster.net ESMTP Exim 4.96.2 #2 Fri, 26 Jul 2024 08:28:22 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Jul 26, 2024 09:28:23.065337896 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 | EHLO 783875 |
Jul 26, 2024 09:28:23.232450962 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 | 250-cphost14.qhoster.net Hello 783875 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP |
Jul 26, 2024 09:28:23.235796928 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 | STARTTLS |
Jul 26, 2024 09:28:23.408287048 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 | 220 TLS go ahead |
Jul 26, 2024 09:28:26.456748962 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 | 220-cphost14.qhoster.net ESMTP Exim 4.96.2 #2 Fri, 26 Jul 2024 08:28:26 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Jul 26, 2024 09:28:26.456896067 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 | EHLO 783875 |
Jul 26, 2024 09:28:26.638889074 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 | 250-cphost14.qhoster.net Hello 783875 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP |
Jul 26, 2024 09:28:26.639131069 CEST | 49708 | 587 | 192.168.2.7 | 78.110.166.82 | STARTTLS |
Jul 26, 2024 09:28:26.814392090 CEST | 587 | 49708 | 78.110.166.82 | 192.168.2.7 | 220 TLS go ahead |
Jul 26, 2024 09:28:36.545331955 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 | 220-cphost14.qhoster.net ESMTP Exim 4.96.2 #2 Fri, 26 Jul 2024 08:28:36 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Jul 26, 2024 09:28:36.545618057 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 | EHLO 783875 |
Jul 26, 2024 09:28:36.711930990 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 | 250-cphost14.qhoster.net Hello 783875 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP |
Jul 26, 2024 09:28:36.712272882 CEST | 49714 | 587 | 192.168.2.7 | 78.110.166.82 | STARTTLS |
Jul 26, 2024 09:28:36.885413885 CEST | 587 | 49714 | 78.110.166.82 | 192.168.2.7 | 220 TLS go ahead |
Jul 26, 2024 09:28:41.637592077 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 | 220-cphost14.qhoster.net ESMTP Exim 4.96.2 #2 Fri, 26 Jul 2024 08:28:41 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Jul 26, 2024 09:28:41.638025045 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 | EHLO 783875 |
Jul 26, 2024 09:28:41.808615923 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 | 250-cphost14.qhoster.net Hello 783875 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP |
Jul 26, 2024 09:28:41.808943033 CEST | 49715 | 587 | 192.168.2.7 | 78.110.166.82 | STARTTLS |
Jul 26, 2024 09:28:41.983532906 CEST | 587 | 49715 | 78.110.166.82 | 192.168.2.7 | 220 TLS go ahead |
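The four SMTP sessions above are the stealer's exfiltration channel: each is opened from the victim host to the submission port (587) of cphost14.qhoster.net, the client identifies itself with `EHLO 783875` (the bare computer name, which is what a .NET `SmtpClient` sends) and immediately issues STARTTLS, so the `AUTH` credentials and the stolen data never appear in the capture. The following Python script is an added example, not part of the sandbox report and not Joe Sandbox tooling: it parses rows in the shape of this table, groups them into sessions and pulls out the indicators a responder would block or hunt on. `SAMPLE_ROWS` holds one session copied from the table plus a constructed session to an internal relay (`192.168.2.10`, `relay.corp.example` and `ws07.corp.example` are invented) so the heuristics can be compared; the heuristics themselves are assumptions to tune per environment.

```python
"""Extract mail-exfiltration indicators from a sandbox "SMTP conversations" table."""
import ipaddress
import re
from dataclasses import dataclass

SMTP_PORTS = {25, 465, 587, 2525}

# Constructed sample: first session copied from the report, second one invented
# (internal relay, FQDN in EHLO, no STARTTLS) for comparison.
SAMPLE_ROWS = """\
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Jul 26, 2024 09:28:23.064399958 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 | 220-cphost14.qhoster.net ESMTP Exim 4.96.2 #2 Fri, 26 Jul 2024 08:28:22 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Jul 26, 2024 09:28:23.065337896 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 | EHLO 783875 |
Jul 26, 2024 09:28:23.232450962 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 | 250-cphost14.qhoster.net Hello 783875 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP |
Jul 26, 2024 09:28:23.235796928 CEST | 49707 | 587 | 192.168.2.7 | 78.110.166.82 | STARTTLS |
Jul 26, 2024 09:28:23.408287048 CEST | 587 | 49707 | 78.110.166.82 | 192.168.2.7 | 220 TLS go ahead |
Jul 26, 2024 09:31:00.000000000 CEST | 25 | 49800 | 192.168.2.10 | 192.168.2.7 | 220 relay.corp.example ESMTP |
Jul 26, 2024 09:31:00.100000000 CEST | 49800 | 25 | 192.168.2.7 | 192.168.2.10 | EHLO ws07.corp.example |
Jul 26, 2024 09:31:00.200000000 CEST | 25 | 49800 | 192.168.2.10 | 192.168.2.7 | 250 relay.corp.example Hello ws07.corp.example 250 SIZE 10240000 |
"""


@dataclass
class SmtpSession:
    client_ip: str
    client_port: int
    server_ip: str
    server_port: int
    banner_host: str = ""        # hostname announced in the 220 banner
    ehlo_name: str = ""          # name the client sent in EHLO/HELO
    starttls_offered: bool = False
    starttls_requested: bool = False
    tls_started: bool = False    # server answered "220 TLS go ahead"


def parse_sessions(table_text):
    """Group table rows into sessions keyed by the client/server 4-tuple."""
    sessions = {}
    for line in table_text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 6 or not (cells[1].isdigit() and cells[2].isdigit()):
            continue  # header, separator or blank line
        sport, dport, sip, dip = int(cells[1]), int(cells[2]), cells[3], cells[4]
        cmd = "|".join(cells[5:]).strip()
        if dport in SMTP_PORTS:                      # client -> server
            key = (sip, sport, dip, dport)
            s = sessions.setdefault(key, SmtpSession(*key))
            verb, _, arg = cmd.partition(" ")
            if verb.upper() in ("EHLO", "HELO"):
                s.ehlo_name = arg.strip()
            elif verb.upper() == "STARTTLS":
                s.starttls_requested = True
        elif sport in SMTP_PORTS:                    # server -> client
            key = (dip, dport, sip, sport)
            s = sessions.setdefault(key, SmtpSession(*key))
            if cmd.startswith("220") and "TLS go ahead" in cmd:
                s.tls_started = True
            elif cmd.startswith("220") and not s.banner_host:
                m = re.match(r"220[- ](\S+)", cmd)
                s.banner_host = m.group(1) if m else ""
            elif cmd.startswith("250") and "STARTTLS" in cmd.upper():
                s.starttls_offered = True
    return list(sessions.values())


def session_findings(s):
    """Heuristics (assumptions, tune per environment) for endpoint-originated exfiltration."""
    findings = []
    if ipaddress.ip_address(s.server_ip).is_global:
        findings.append(f"direct submission from endpoint to external MTA "
                        f"{s.banner_host or s.server_ip}:{s.server_port}")
    if s.ehlo_name and "." not in s.ehlo_name:
        findings.append(f"bare (non-FQDN) EHLO name {s.ehlo_name!r}: a host name, not an MTA")
    if s.tls_started:
        findings.append("STARTTLS completed: AUTH and message body are not in the capture")
    return findings


def indicators(sessions):
    """IOC summary suitable for blocking or hunting."""
    return {
        "servers": sorted({(s.banner_host, s.server_ip, s.server_port) for s in sessions}),
        "ehlo_names": sorted({s.ehlo_name for s in sessions if s.ehlo_name}),
        "sessions": len(sessions),
        "tls_sessions": sum(1 for s in sessions if s.tls_started),
    }


if __name__ == "__main__":
    sess = parse_sessions(SAMPLE_ROWS)
    print(indicators(sess))
    for s in sess:
        for f in session_findings(s):
            print(f"{s.client_ip}:{s.client_port} -> {s.server_ip}:{s.server_port}: {f}")
```

Because the session goes opaque right after `220 TLS go ahead`, the credentials the stealer authenticates with have to be recovered on the host side (memory dump or configuration extraction) rather than from the pcap; the script only surfaces the server, the port and the EHLO name, which is enough to block the channel and to pivot to other hosts talking to the same MTA.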
Target ID: | 0 |
Start time: | 03:28:15 |
Start date: | 26/07/2024 |
Path: | C:\Users\user\Desktop\hesaphareketi-01.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x650000 |
File size: | 1'426'944 bytes |
MD5 hash: | 7CCB3C07BF2918BBCAD959E27E17F083 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 03:28:16 |
Start date: | 26/07/2024 |
Path: | C:\Users\user\AppData\Local\directory\svchost.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x20000 |
File size: | 1'426'944 bytes |
MD5 hash: | 7CCB3C07BF2918BBCAD959E27E17F083 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Antivirus matches: |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 03:28:18 |
Start date: | 26/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 03:28:18 |
Start date: | 26/07/2024 |
Path: | C:\Users\user\AppData\Local\directory\svchost.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x20000 |
File size: | 1'426'944 bytes |
MD5 hash: | 7CCB3C07BF2918BBCAD959E27E17F083 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | true |
Target ID: | 5 |
Start time: | 03:28:19 |
Start date: | 26/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xac0000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 03:28:30 |
Start date: | 26/07/2024 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c1a00000 |
File size: | 170'496 bytes |
MD5 hash: | A47CBE969EA935BDD3AB568BB126BC80 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 03:28:30 |
Start date: | 26/07/2024 |
Path: | C:\Users\user\AppData\Local\directory\svchost.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x20000 |
File size: | 1'426'944 bytes |
MD5 hash: | 7CCB3C07BF2918BBCAD959E27E17F083 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | true |
Target ID: | 8 |
Start time: | 03:28:32 |
Start date: | 26/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x170000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 03:28:32 |
Start date: | 26/07/2024 |
Path: | C:\Users\user\AppData\Local\directory\svchost.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x20000 |
File size: | 1'426'944 bytes |
MD5 hash: | 7CCB3C07BF2918BBCAD959E27E17F083 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | true |
Target ID: | 11 |
Start time: | 03:28:34 |
Start date: | 26/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xac0000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 2.8% |
Dynamic/Decrypted Code Coverage: | 0.9% |
Signature Coverage: | 3.1% |
Total number of Nodes: | 1934 |
Total number of Limit Nodes: | 55 |
Functions listed in the execution graph (in the report's order; the per-function API, string, memory-dump and similarity details are not preserved on this page):

Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
006542DE | 21.2 | 9 | 3 | 235 | library, loader, COMMON |
0065D730 | 21.6 | 14 | | 624 | window, sleep, time, COMMON |
0065344D | 19.5 | 6 | 5 | 201 | registry, COMMON |
00652CD4 | 19.3 | 7 | 4 | 53 | window, registry, COMMON |
00688D45 | 17.8 | 9 | 1 | 300 | COMMON, LIBRARYCODE |
0069065B | 17.8 | 9 | 1 | 272 | COMMON, LIBRARYCODE |
00652B83 | 17.6 | 7 | 3 | 63 | window, registry, COMMON |
00653170 | 15.9 | 8 | 1 | 145 | window, time, registry, COMMON |
00600920 | 10.7 | 7 | | 151 | file, COMMON |
006C2947 | 7.8 | 5 | | 313 | file, COMMON |
00685AA9 | 7.2 | 3 | 1 | 186 | COMMON, LIBRARYCODE |
006023C0 | 7.2 | 3 | 1 | 155 | file, COMMON |
00653B1C | 7.1 | 3 | 1 | 58 | registry, COMMON |
00653923 | 5.3 | 2 | 1 | 94 | window, COMMON |
00601000 | 5.3 | 2 | 1 | 41 | process, COMMON |
006D7F59 | 4.9 | 3 | | 430 | COMMON |
006510F3 | 4.7 | 3 | | 153 | com, COMMON |
00653837 | 3.1 | 2 | | 77 | window, COMMON |
00601070 | 1.7 | 1 | | 163 | COMMON |
00654ECB | 1.6 | 1 | | 65 | library, COMMON |
00688402 | 1.6 | 1 | | 54 | COMMON |
0067E602 | 1.5 | 1 | | 46 | COMMON |
00684C7D | 1.5 | 1 | | 39 | memory, COMMON, LIBRARYCODE |
00683820 | 1.5 | 1 | | 32 | memory, COMMON, LIBRARYCODE |
00654F39 | 1.5 | 1 | | 28 | COMMON |
00652DA5 | 1.5 | 1 | | 23 | COMMON |
006C2693 | 1.5 | 1 | | 22 | COMMON |
00652B3D | 1.5 | 1 | | 22 | COMMON |
006008E0 | 1.5 | 1 | | 20 | COMMON |
006008B0 | 1.5 | 1 | | 15 | COMMON |
00651CAD | 1.5 | 1 | | 8 | COMMON |
006AD8DD | 1.5 | 1 | | 7 | COMMON |
0066FC70 | 1.3 | 1 | | 94 | memory, COMMON |
006022AC | 1.3 | 1 | | 21 | sleep, COMMON |
006022B0 | 1.3 | 1 | | 18 | sleep, COMMON |
006E9576 | 74.1 | 39 | 3 | 625 | window, keyboard, COMMON |
006E4873 | 60.1 | 33 | 1 | 566 | window, COMMON |
0066F98E | 43.9 | 24 | 1 | 130 | keyboard, thread, window, COMMON |
006C698F | 21.4 | 7 | 5 | 363 | time, file, COMMON |
006C9642 | 21.1 | 11 | 1 | 118 | file, COMMON |
006C979D | 17.6 | 9 | 1 | 111 | file, COMMON |
006C8195 | 15.9 | 8 | 1 | 186 | time, COMMON |
006BD076 | 14.2 | 7 | 1 | 172 | file, COMMON |
006CED6A | 13.6 | 9 | | 102 | clipboard, memory, COMMON |
006BE8F6 | 12.3 | 3 | 4 | 57 | shutdown, COMMON |
0068B952 | 10.9 | 7 | | 370 | time, COMMON, LIBRARYCODE |
006BD3A9 | 10.6 | 5 | 1 | 91 | file, COMMON |
006D22DA | 9.1 | 6 | | 103 | COMMON |
006C9B2B | 8.9 | 4 | 1 | 119 | file, sleep, COMMON |
0066997D | 7.9 | 5 | | 375 | COMMON |
006E1C41 | 7.6 | 5 | | 83 | window, COMMON |
00658060 | 7.4 | | 5 | 1151 | COMMON |
006B8298 | 6.6 | 1 | 3 | 568 | string, COMMON |
006C51CD | 4.6 | 3 | | 76 | COMMON |
006B16C3 | 4.6 | 3 | | 68 | COMMON |
006BD5EB | 4.6 | 3 | | 58 | file, COMMON |
006B1663 | 4.5 | 3 | | 40 | memory, COMMON |
0067CAA0 | 3.5 | 2 | | 464 | COMMON |
0065CAF0 | 3.2 | | 2 | 659 | COMMON |
006C68EE | 3.1 | 2 | | 57 | file, COMMON |
006C37B5 | 3.0 | 2 | | 33 | window, COMMON |
006B10BF | 3.0 | 2 | | 24 | COMMON |
0066B119 | 1.8 | | 1 | 511 | COMMON |
006709D5 | 1.5 | 1 | | 3 | COMMON |
0067781B | 1.5 | | 1 | 214 | COMMON |
006C2046 | 1.3 | | 1 | 72 | COMMON |
00686DD9 | 0.6 | | | 637 | COMMON |
0066CC39 | 0.6 | | | 635 | COMMON |
00657920 | 0.6 | | | 563 | COMMON |
006591C0 | 0.5 | | | 475 | COMMON |
00671C77 | 0.3 | | | 254 | COMMON |
006719B0 | 0.2 | | | 240 | COMMON |
00677A4A | 0.2 | | | 237 | COMMON |
00677CA7 | 0.2 | | | 237 | COMMON |
00671706 | 0.2 | | | 232 | COMMON |
0066D07D | 0.2 | | | 161 | COMMON |
00603640 | 0.1 | | | 92 | COMMON |
006034D0 | 0.0 | | | 35 | COMMON |
00603530 | 0.0 | | | 35 | COMMON |
00601E80 | 0.0 | | | 6 | COMMON |
006D2ADE | 77.5 | 40 | 4 | 486 | file, com, memory, COMMON |
006E70D5 | 49.8 | 33 | | 273 | COMMON |
00668D85 | 47.7 | 26 | 1 | 480 | window, COMMON |
006D2711 | 45.8 | 22 | 4 | 330 | window, COMMON |
006E0FF3 | 37.0 | 18 | 3 | 284 | window, COMMON |
006E0241 | 35.4 | 7 | 13 | 391 | window, COMMON |
00668891 | 33.5 | 18 | 1 | 282 | window, time, COMMON |
006DC3B7 | 30.2 | 11 | 6 | 495 | registry, COMMON |
006E091E | 30.1 | 6 | 11 | 372 | window, COMMON |
006E833C | 29.9 | 14 | 3 | 196 | window, library, COMMON |
006E911E | 24.7 | 10 | 4 | 181 | window, file, COMMON |
0065326F | 23.0 | 12 | 1 | 214 | window, COMMON |
006E6CD9 | 22.9 | 11 | 2 | 194 | window, COMMON |
006CC476 | 22.9 | 12 | 1 | 143 | network, COMMON |
006C14BD | 21.4 | 10 | 2 | 360 | time, COMMON |
006DB60E | 21.3 | 10 | 2 | 285 | registry, library, loader, COMMON |
006D255C | 21.2 | 11 | 1 | 169 | window, COMMON |
006B365B | 19.5 | 10 | 1 | 267 | window, time, COMMON |
006E8D0E | 19.5 | 10 | 1 | 221 | window, COMMON |
006DCC34 | 19.4 | 9 | 2 | 104 | registry, COMMON |
006BE6B0 | 19.3 | 10 | 1 | 72 | sleep, window, time, COMMON |
006B5CC6 | 18.2 | 12 | | 173 | COMMON |
00668BCD | 18.2 | 12 | | 168 | time, COMMON |
00669838 | 18.1 | 12 | | 137 | COMMON |
006B96E2 | 17.6 | 5 | 5 | 137 | window, COMMON |
006B06DE | 17.6 | 7 | 3 | 127 | registry, share, COMMON |
006D3C30 | 16.8 | 11 | | 344 | file, COMMON |
006C7A96 | 16.8 | 11 | | 298 | com, COMMON |
006D055B | 16.0 | 8 | 1 | 207 | network, file, COMMON |
006D372C | 15.9 | 6 | 3 | 187 | com, COMMON |
006E8B02 | 15.9 | 6 | 3 | 149 | window, COMMON |
006E3C46 | 15.9 | 7 | 2 | 101 | window, COMMON |
00682C80 | 15.1 | 10 | | 54 | COMMON |
00651410 | 14.3 | 7 | 1 | 332 | com, COMMON |
00655BEA | 14.2 | 7 | 1 | 184 | window, COMMON |
006CC253 | 14.1 | 7 | 1 | 94 | network, COMMON |
006B989B | 14.1 | 3 | 5 | 74 | window, COMMON |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0068CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B25A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E3886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006BBC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006BC874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006BED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0066F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E2D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B5622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00691522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006C1187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0066948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0068542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006BCF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E2DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B7726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B77FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006C04D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006C05A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E40AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006BDA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006C096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006801B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006861FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006AF7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0066920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006C07EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E81DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B4C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B14CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E8A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B51FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006A7439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B1874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006BC5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E2F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00674D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00654E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00654E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006DA387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B8BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006C8AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E6B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006C3874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E5706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006D0930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0068CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00669639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B5711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006BE97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B10F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B0FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B1014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006C030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006822A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006695C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00680F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00688A61 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 124COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B2716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006BC27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B6E71 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006D304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E4653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E37B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E41EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B2F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E5882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006AD3A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006D342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B0436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E6278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0068B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006C56D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E52C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E7674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E16DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006BD4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E8FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006BD2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B1571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E2782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B78F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E7CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E5660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B1A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006BE1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0067D1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0065600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00683073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006BB0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E8863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006698B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006AD858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006AD86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006C4D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0066F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006CD0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E4537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E31EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006CCD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E3429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B1CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B1BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B1C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E8172 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B0B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E2356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E2322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|